We performed a comparison between CrowdStrike Falcon and Wazuh based on real PeerSpot user reviews.
Find out in this report how the two Extended Detection and Response (XDR) solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"The Endpoint Manager is incredible; it has a very straightforward interface and is exceedingly easy to use. Pulling out and deploying different tags or resources is a simple task across various departments with different levels of security. The notifications are also simple and satisfying; it's great to see the bubble informing us which devices are compliant and which are waiting to update."
"The EDR and the way it automatically responds to ransomware and other attacks are valuable features."
"The integration between all the Defender products is the most valuable feature."
"The visibility into threats that 365 Defender provides is really good. You get a full review of your security system and what can be improved. In the Microsoft 365 Defender portal the first page gives you a really big summary of which security policies you are following and what can be improved."
"Scanning, vulnerability reporting, and the dashboard are the most valuable features."
"Microsoft Defender XDR is scalable."
"Setting up Microsoft 365 Defender is easy. It's a user-friendly solution that provides threat protection. It has good stability and scalability."
"The 'Incidents and Alerts' tab is a valuable feature where we can find triggered alerts."
"The stability is good; we haven't experienced any glitches or bugs."
"Scalability hasn't been an issue for us."
"The initial setup is very simple."
"As an EDR tool, we can integrate log management and event management. The solution deals with threats automatically, that's the advantage."
"CrowdStrike Falcon has done an excellent job at detecting breaches. It has allowed us to stay in business and keep our systems up."
"The most valuable features are the complete IPS and IDS."
"The 10 hours a week that we are freeing up from having to manage and monitor our AV solution has really allowed us to focus on other areas of the business. This has been a huge return on investment."
"From what we have seen, it is very scalable. We have recently acquired a company where someone had a ransomware attack when we joined networks. Within the course of just a few days, we were able to easily get CrowdStrike rolled out to about 300 machines. That also included the removal of that company's legacy anti-malware tool."
"My company implemented Wazuh because it was relatively inexpensive. They could quickly get their hands on it to check a box for some audit and compliance."
"We use it to find any aberration in our endpoint devices. For example, if someone installs a game on their company laptop, Wazuh will detect it and inform us of the unauthorized software or unintended use of the devices provided by the company."
"Integrates with various open-source and paid products, allowing for flexibility in customization based on use cases."
"Wazuh is free and easy to use. It is also adjustable, and we can use it on the cloud and on-premises."
"It's stable."
"It is a stable solution."
"Wazuh offers an enhanced HDR version that outperforms its competitors."
"I find the PCI DSS feature the most valuable, along with the feature that monitors the compliance of Windows and the CIS benchmarks on other devices like Unix or Linux systems."
"One of the biggest downsides of Microsoft products, in general, is that the menus are often difficult to find, as they tend to move from place to place between versions."
"Customers say they want absolutely seamless integration between other Microsoft solutions and Defender XDR, including the ability to change device settings within the Defender portal. They need to contact the IT team responsible for the device management tools to change some settings. They would prefer that those changes be initiated directly from the Defender portal or applied from Intune without involving the IT operations team."
"The abundance of sub-dashboards and sub-areas within the main dashboard can be confusing, even if it all technically makes sense."
"The price should be adjustable by region."
"The patching capability should be there. Patching is something that you cannot do even though you see the vulnerabilities present in your environment. For patching, you have to depend on another solution."
"The support could be more knowledgeable to improve their offering."
"Automated playbooks and automated dashboards would be preferable to the way the data is currently being presented."
"Offboarding latency should be reduced. Even after a device has been successfully offboarded using a particular offboarding script, it still shows up as onboarded."
"The malware analysis could be improved, as that's what we use the solution for the most and that change would make it a better EDR tool."
"If we have a dashboard capability to uninstall agents, I think that would be great."
"CrowdStrike Falcon sometimes wrongly flags things as malicious. Let's say a user is active on Chrome only. Sometimes, our cross-segmenting will fetch from the backend data and show that it is malicious because of memory or CPU utilization."
"CrowdStrike Falcon could improve by having an easier way to search and use the interface for extracting queries from the data. The interface could improve."
"There are some areas where some customers would prefer a different service."
"The skillsets needed to run CrowdStrike Falcon are extensive if you want to get the most value out of the tool."
"An improvement would be to extend support to legacy and unsupported servers."
"The management reporting functionality needs to be improved."
"The implementation is very complex."
"Wazuh needs more security and features, particularly visualization features and a health monitor."
"Wazuh should come up with more in-built rules and integrations for the cloud."
"Some features, like alerting, are complex with Wazuh."
"The tool does not provide CTI to monitor darknet."
"We would like to see more improvements on the cloud."
"I think that the next release should be more suitable for large enterprises, because currently they are not because large companies do not rely on open source solutions."
"While it is scalable, it can suffer from reduced latencies."
CrowdStrike Falcon is ranked 1st in Extended Detection and Response (XDR) with 106 reviews while Wazuh is ranked 3rd in Extended Detection and Response (XDR) with 38 reviews. CrowdStrike Falcon is rated 8.8, while Wazuh is rated 7.4. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of Wazuh writes "It integrates seamlessly with AWS cloud-native services". CrowdStrike Falcon is most compared with Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security, Trend Vision One and Trellix Endpoint Security, whereas Wazuh is most compared with Elastic Security, Security Onion, Splunk Enterprise Security, AlienVault OSSIM and USM Anywhere.
We monitor all Extended Detection and Response (XDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.